The flashcards below were created by user jane.bennet on FreezingBlue Flashcards.

  1. 5 types of opinions
    • Standard unqualified
    • Unqualified with explanatory paragraph
    • Qualified
    • Adverse
    • Disclaimer
  2. Important paragraphs of audit report
    • Introductory
    • Scope
    • Opinion
  3. 5 conditions for standard unqualified audit report
    • 1. All 4 required statements are included
    • 2. The 3 general standards have been followed
    • 3. Sufficient evidence and auditor can conclude that 3 standards have been met
    • 4. Financial Statements are GAAP
    • 5. No circumstances requiring an explanatory paragraph
  4. 5 causes of explanatory paragraph
    • GAAP not consistently applied
    • substantial doubt about going concern
    • auditor agrees with departure from accounting principle
    • emphasis of a matter
    • reports involving other auditors
  5. 3 conditions to depart from unqualified report
    • 1. Scope limitation
    • 2. Departure from GAAP
    • 3. Auditor is not independent
  6. Scope limitation
    • Not enough evidence to conclude if statements are in accordance with GAAP
    • 2 causes= 1. caused by client (mgt refusal to cooperate) 2. circumstances that can't be controled (impossible due to timing)
  7. GAAP Departure
    • Client insists on using non-GAAP method
    • consider adequacy of disclosures
  8. Adverse opinion
    • financial statements are materially misleading and don't represent financial position of company
    • auditor has knowledge after adequate investigation of absence of conformity
  9. Disclaimer
    • auditor not satisfied that financial statements are fairly presented
    • severe limitation of scope or auditor not independent
  10. Qualified Opinion
    • overall financial statements are fairly stated EXCEPT FOR scope limitation or GAAP departure
    • can be qualification of opinion alone (only for GAAP departures) or scope and opinion
  11. Independence in Fact
    auditor maintains unbiased attitude throughout audit
  12. Independence in Appearance
    Regardless of independence of fact, auditor must appear independent to others as well, or else value of audit is lost
  13. 4 parts to the AICPA code of professional conduct
    • 1. Principles
    • 2. Rules of conduct
    • 3. interpretation of rules
    • 4. ethical ruling
  14. Rule 101 covered members
    • people on the engagement team
    • people who can influence the engagment (those who supervise or evaluate the partner)
    • partner or manager who provides non attest services
    • partner in the office of the responsible partner
    • firm and employee benefits plans
    • an entity controllled by a covered member
  15. direct financial interest
    • ownership of stock or equity shares by member or immediate family
    • violation of independence
  16. indirect financial interest
    • close but not direct relationship between auditor and client
    • example=covered members mutual fund has investment in client
    • only violates independence if material
  17. AICPA rules of conduct
    • 101=independence
    • 102=integrity and objectivity
    • 201=general standards
    • 203=accounting principles
    • 301=confidential client information
    • 302=contingent fees prohibited
  18. Rule 201
    members must comply with the following standards and interpretations

    • A. Professional compentence
    • B. Due professional care
    • C. Planning and supervision
    • D. Sufficient relevent data
  19. Rule 301
    client info can't be disclosed without client consent

    exceptions= 1. obligations related to technical standards 2. subpoena or summons by law (CPA client info is not privileged) 3. peer review if authorized by AICPA 4. response to ethics division
  20. business failure
    business can't pay debts because of economic or business conditions
  21. audit failure
    auditor issues incorrect audit opinion
  22. audit risk
    • possibility that audit opinion is wrong, despite auditor doing everything right
    • unavoidable
  23. 4 sources of legal liability
    • 1. liability to clients
    • 2. liability to third parties under common law
    • 3. civil liability under federal securities laws
    • 4. criminal liability
  24. levels of negligence
    • ordinary negligence=absence of reasonable care that should be expected in that situation
    • gross negligence=lack of any care.
    • constructive fraud=extreme or unusual negligence, but no intent to deceive. Recklessness
    • fraud=misstatement with knowledge of falsity and intent to deceive
  25. 4 defenses against client suits
    • 1. Lack of duty
    • 2. non negligent performance
    • 3. contributory negligence
    • 4. absence of causal connection
  26. lack of duty
    Use engagement letter to claim that there was no implied or express contract
  27. non negligent performance
    • auditor is not responsible for undiscovered misstatements if the audit was conducted properly
    • CPA firm is not expected to be infallible
  28. contributory negligence
    • The event the client is sueing for is the clients own fault
    • example=client lied to auditor, or failed to correct weaknesses that the auditor warned them of
  29. Liability to third parties and the Ultramares doctrine
    • CPA firm can only be liable to third party for ordinary negligence if the third party is a primary beneficiary
    • auditor can be liable to general third parties if there is worse negligence
  30. auditor defenses against third party suits
    • lack of duty to perform services
    • non negligent performance
    • absence of causal connection
  31. Securities act of 1933
    • reporting requirements for companies issuing new securities
    • only original purchasers of securities can recover from auditors
    • potential recovery is original purchase prices less value of securities at time of suit
  32. Securities act of 1933 burden of proof
    • defendent (auditor has burden of proof)
    • third party users don't have burden of proof of reliance on financial statements
  33. Securities Exchange act of 1934
    audited annual financial statements required to be issued by the SEC
  34. Rule 10b-5 of Securities Exchange act of 1934
    • anti-fraud provisions applied to direct sellers, accountants, underwriters, etc.
    • accountants are liable if the intentionally or recklessly misrepresent info intended for third party users
  35. auditors defenses against 1934 act suits
    • non negligent performance
    • lack of duty
    • absence of causal connection
  36. Criminal liabililty
    • criminal offense to defraud someone through the knowing use of false financial statements
    • felony to destroy or create documents to obstruct a federal investigation
  37. steps to develop audit objectives
    • understand objectives and responsibilities for the audit
    • divide financial statements into cycles
    • know management assertions about financial statements
    • know general audit objectives for classes of trans, acct, and disclosures
    • know specific audit objectives etc.
  38. material
    able to change or influence the decisions of a reasonable user of financial statements
  39. reasonable assurance
    high, but not absolute level of assurance that financial statements are free from material misstatements
  40. 3 reasons for reasonable but not absolute assurance
    • 1. use of samples carries risk of not discovering material misstatement
    • 2. complex estimates involve uncertainty
    • 3. fraudulent financial statements are hard to detect, expecially when management works together
  41. error
    • unintentional misstatement of financial statements
    • can be either material or immaterial
  42. Fraud
    • intentional
    • misappropriation of assets=defalcation or employee fraud
    • fraudulent financial reporting=management fraud
  43. professional skeptisism
    • always consider possibility of dishonesty
    • accomplish reasonable assurance of detecting both material errors and fraud
  44. 3 levels of responsibility for finding and reporting illegal acts
    • evidence accumulatioin when there is no reason to believe indirect effect illegal acts exist
    • evidence accumulation and other actions when there is reason to believe direct or indirect effect illegal acts may exist
    • actions when auditor knows of illegal act
  45. cycle approach
    divide audit into segments based on closely related classes of transactions and account balances
  46. major cycles
    • sales and collections cycle
    • acquisition and payment cycle
    • payrol and personnel cycle
    • inventory and warehousing cycle
    • capital acquisition and repayment cycle
  47. 3 audit objectives
    • transaction related
    • balance related
    • presentation and disclosure related
  48. 3 categories of management assertions
    • 1. assertions about classes of transactions and events for the period under audit
    • 2. assertions about account balances at year end
    • 3. assertions about presentation and disclosures
  49. assertions about classes of transactions and events
    • occurrence=did recorded transactions actually occur during accounting period in question (related to account overstatements)
    • completeness=are all transactions that should be included actually included (related to account understatements)
    • accuracy=were transactions recorded at correct amounts
    • classification=are transactions recorded in the appropriate accounts
    • cutoff=are transactions recorded in the correct accounting period
  50. assertions about account balances
    • existence=did A, L and equity included on balance sheet actually exist on balance sheet date
    • completeness=are all accounts and amounts that should be included actually included
    • valuation and allocation=are A, L and equity recorded at appropriate amounts i.e. valuation adjustments, net realizable value etc.
    • rights and obligations=are assets owned and liabilities owed like stated on balance sheet
  51. assertions about presentation and disclosure
    • occurrence, rights and obligations=have disclosed events occurred and are they the rights and obligations of the entity
    • completeness=are all required disclosures included in the financial statements
    • accuracy and valuation=is information disclosed fairly and at appropriate amounts
    • classification and understandability=are amounts appropriately classified. are balance descriptions and disclosures understandable
  52. 6 transaction related audit objectives
    • occurance=do recorded transactions actually exist
    • completeness=were all transactions that should have been included actually recorded
    • accuracy=were recorded transactions recorded at the correct amount
    • posting and summarization=was info properly transfered from journals to general ledger/master file
    • classification=are transactions included in the appropriate accounts
    • timing=are transactions recorded on the correct dates
  53. 8 balance related audit objectives
    • existence=should amounts included in financial statements actually be included
    • completeness=are all amounts that should be included included
    • accuracy=are the amounts reported the correct amounts
    • classification=are items included in the correct general ledger accounts
    • cutoff=are transactions near the b/s date included in the correct period
    • detail tie in=are details accurate, correct and in agreement with the general ledger
    • realizable value=assets are included in the amounts estimated to be realized
    • rights and obligations=are assets truly owned and liabilities truly owed
  54. 4 phases of the audit process
    • plan and design an audit approach
    • perform tests of controls and substantive tests of transactions
    • perform analytical procedures and tests of details of balances
    • complete the audit and issue an audit report
  55. 4 decisions for amount and type of evidence
    • 1. which audit procedure to use
    • 2. what sample size to select
    • 3. which items to select from the population
    • 4. when to perform the procedures
  56. audit procedure
    detailed instruction explaining waht evidence to collect
  57. persuasiveness of evidence is based on
    • appropriateness
    • sufficiency
  58. appropriateness of evidence
    • measures to quality of the evidence
    • relevence of evidence=evidence must pertain to audit objective
    • reliability of evidence =how believable is the evidence
  59. 6 characteristics of reliable evidence
    • independence of provider
    • effectiveness of clients internal controls
    • auditor's direct knowledge
    • qualifications of people providing the evidence
    • degree of objectivity
    • timeliness
  60. sufficiency of evidence
    • quantity of evidence
    • varied population
  61. 2 factors to determine correct quantity of evidence
    • auditors expectations of misstatements
    • effectiveness of clients internal controls
  62. 8 types of evidence
    • physical examination
    • confirmation
    • documentation
    • analytical procedures
    • inquiries of the client
    • recalculation
    • reperformance
    • observation
  63. confirmation
    • written/oral response from independent third party
    • costly buy very reliable
    • US auditing standards require it for accounts receivable when practical and reasonable
    • must be controlled by auditor
  64. documentation
    • inspection of documents and records
    • low cost and easy to get (sometimes only reasonable evidence available)
    • internal usually only acceptable if processed under good internal control
    • external usually more reliable
    • vouching=using documentation to support transactins/amounts
  65. analytical procedures
    • uses comparisons to check whether data is reasonable compared to auditor's expectations
    • required during planning and completion phases on all audits
  66. purposes of analytical prodecures
    • understand the client's industry and business
    • assess the entity's ability to continue as a going concern
    • indicate the presence of possible F/S misstatements
    • reduce detailed audit tests
  67. costs of evidence types
    • Most costly=physical examination, confirmation
    • moderately costly=documentation, analytical procedures, reperformance
    • least costly=observation, inquiries of the client, recalculation
  68. audit documentation
    • principle record of auditing procedures applied, evidence obtained, and conclusions reached by auditor
    • provides reasonable assurance that an adequate audit was conducted in accordance auditing standards
  69. ownership of audit documentation/files
    • property of the auditor
    • no one else can examine files unless files are subpoenaed
  70. audit file retention
    • auditing standards require minimum retention of 5 years
    • SOX requires at least 7 for public companies
  71. permanent files
    • data that is either historical or continuing in natures
    • important company documents such as bylaws, contracts etc.
    • PY analysis that still have importance such as LT debt, fixed assets, etc.
    • info to understand internal control and assess control risk
    • results of PY analytical procedures
  72. current files
    • documentation applicable to CY audit
    • audit program and general info
    • working trial balance
    • adjusting and reclassification entries
    • supporting schedules
  73. major types of supporting schedules
    • analysis
    • trial balance/list
    • reconcilation of amounts
    • tests of reasonableness
    • summary of procedures
    • examination of supporting documents
    • informational
    • outside documentation
  74. reasons to properly plan an audit engagement
    • enables auditor to obtain sufficient appropriate evidence
    • keep audit costs reasonable
    • avoid misunderstandings with the client
  75. acceptable audit risk
    • how willing is the auditor to accept that the financial statements might be materially misstated after the audit is complete
    • lower acceptable risk means the auditor wants more certainty
  76. inherent risk
    measure of auditor's assessment of the likelihood that there are material misstatements before considering the effectiveness of internal control
  77. 8 major parts of audit planning
    • accept client and perform initial planning
    • understand clients business and industry
    • assess clients business risk
    • perform preliminary analytical procedure
    • set materiality and assess acceptable audit and inherent risk
    • understand internal control and assess control risk
    • gather information to assess fraud risks
    • develop overall audit plan and program
  78. initial audit planning
    • 1. decides whether to accept client
    • 2. identify why client wants or needs audit
    • 3. obtain understanding with the client about terms of audit
    • 4. auditor develops overall strategy including engagement staffing and any required specialists
  79. factors affecting acceptable audit risk
    • who are the statement users
    • what are the statements used for
  80. system to understanding business and industry
    • industry and external environment
    • business operations and processes
    • management and government
    • objectives and strategies
    • measurement and performance
  81. understanding industry and external environment
    • specific industry risks may affect auditors acceptance
    • clients in certain industries have common inherent risks
    • some industries have unique accounting requirements
  82. understanding business operations and processes
    • tour client facilities and operations=helps identify inherent risk
    • identify related parties=related party transactions must be disclosed
  83. client business risk
    risk tht the client will fail to achieve its objectives
  84. preliminary analytical procedures
    • compare to PY ratios or other companies as a benchmark
    • unusual changes identify higher risk of misstatement
  85. when to perform analytical prodecures
    • required in the planning phase=identifies areas of focus
    • often done during testing phaes=supports account balances
    • required during completion phase=final objective review
  86. 5 types of analytical procedures i.e. compare client data with
    • 1. industry data
    • 2. similar PY data
    • 3. client determined expected results
    • 4. auditor determined expected results
    • 5. expected results using non financial data
  87. 2 shortcomings of using hard numbers instead of ratios
    • fails to consider growth or decline in business activity
    • relationships of data to other data are ignored
  88. common-size financial statements
    display all items of the statement as a percentage of a base
  89. Short term debt paying ability
    • cash ratio=(cash+marketable securities)/CL
    • quick ratio=(cash+marketable securities+net a/r)/CL
    • current ratio=CA/CL
  90. liqidity activity ratios
    • a/r turnover=netsales/average gross receivables
    • days to collect a/r=365 days/accts receivable turnover
    • inventory turnover=COGS/average inventory
    • days to sell inventory=365 days/inventory turnover
  91. ability to meet LT debt obligations
    • debt to equity=total L/total E
    • times interest earned=operating income/interest expense
  92. profitability ratios
    • EPS=NI/average common shares outstanding
    • GP %=(net sales-COGS)/net sales
    • PM=operating income/net sales
    • ROA=income before taxes/average total assets
    • ROE=(income before taxes-preferred div)/average stockholders equity
  93. steps in applying materiality
    • 1. set preliminary judgement about materiality
    • 2. allocate preliminary judgement to segments
    • 3. estimate total misstatement in segment
    • 4. estimate combined misstatement
    • 5. compare combined estimate with preliminary or revised judgement
  94. preliminary judgement about materiality
    • maximum amount statements could be misstated and still not affect the decisions of reasonable users
    • helps plan appropriate evidence to accumulate
  95. allocation of preliminary materiality judgement
    • usually based on B/S instead of I/S
    • allocated materiality=tolerable misstatement
  96. 2 types of misstatements
    • known=amount can be determined
    • likely=differneces between managers and auditors judgement about account balance estimates. projections of misstatements based on auditor's tests of samples
  97. audit risk model
    helps decide how much and what types of evidenceto collect

    Planned detection risk=acceptable audit risk/(inherent risk*control risk)
  98. planned detection risk
    risk that audit evidence for a segment will fail to detect misstatements exceeding tolerable misstatements
  99. inherent risk
    measures auditor's assessment of the likelyhood that there are material misstatements before considering internal control
  100. control risk
    will misstatements exceeding a tolerable amount be prevented or detected by clients internal controls
  101. risk of material misstatement
    inherent risk + control risk
  102. audit assurance
    • complement of acceptable audit risk
    • 1-acceptable audit risk %
  103. relationships in audit risk model
    acceptable audit risk decreases=planned detection risk decreases=planned evidence increases
  104. factors affecting engagement risk
    • how much will external users rely on statements
    • likelyhood that client will suffer financial difficulties after the audit report is issued
    • auditor's evaluation of managements integrity
  105. factors to consider when assessing inherent risk
    • nature of the clients business
    • results of previous audits
    • inital vs. repeat engagement
    • related parties
    • nonroutine transactions
    • amount of judgement required to correctly record account balances and transactions
    • makeup of the population
    • fraud and missappropriations of assets
  106. change audit to respond to risk
    • assign more experienced staff. professional skeptisism is very important
    • review the engagement more carefully. including by people who were not assigned.
  107. acceptable risk throughout the audit
    • assessed during planning and generally held constant for each major cycle and account
    • constant for all accounts=users should have same assurance for all accounts
    • lower for some accounts=users are more concerned about certain accounts
  108. revising risks and evidence-original assessments were incorrect
    • 1. revise original assessment of risk
    • 2. consider effectes of revised risk on evidence
  109. SOX 404
    • requires auditors to assess and report on the effectiveness of internal controls over financial reporting
    • requires management to publically report on effectiveness of controls
  110. internal control objectives
    • 1. reliability of financial reporting
    • 2. efficiency and effectiveness of operations
    • 3. compliance with laws and regulations
  111. collusion
    act of two or more employees who conspire together to avoid internal controls
  112. managements sec. 404 reporting responsibilities
    • statement that management is responsible for establishing and maintaining adequate internal control
    • assessment of effectiveness of internal controls for financial reporting as of the end of the year
  113. internal control framework used by most US companies
    COSO internal control integrated framework
  114. key components of managements assessment of internal control
    • design=address risks to prevent and detect material misstatement
    • operating effectiveness =test whether controls are operating as designed and disclose material weakness
  115. internal conrol audit emphasis
    • controls over classes of transactions=accuracy of outputs (balances) depends on accuracy of inputs (transactions)
    • primary concern is transaction related audit objectives
  116. 5 components of COSO internal control framework
    • 1. control environment
    • 2. risk assessment
    • 3. control activities
    • 4. information and communication
    • 5. monitoring
  117. control environment
    • tone at the top
    • ethics and values
    • board assures that management implements internal control
    • HR-internal control is only as strong as the people implementing it
  118. risk assessment
    • minimize errors and fraud
    • are financial statements prepared in accordance with GAAP
  119. control activities
    • adequate separation of duties
    • proper authorization of transactions and activities=general or specific
    • adequate documents and records=prenumbered, prepared when transaction occurs, multiple uses, encourage correct preparation
    • physical control over assets and records-protect against theft
    • independent checks on performance
  120. information and communication
    how are transactions

    • 1. initiated
    • 2. recorded
    • 3. processed
    • 4. reported
  121. monitoring
    managements ongoing or periodic assessment of internal controlsto make sure they are working right
  122. auditor's process for understanding internal control and assessing control risk
    • 1. obtain and document understanding of design and operation
    • 2. assess control risk
    • 3. design, perform, and evaluate tests of control
    • 4. decide planned detection risk and substantive tests
  123. evidence used to understand internal controls
    • documentations
    • inquiry of entity personnel
    • observation of employees doing their work
    • reperformance
  124. 3 documents used to understand internal controls
    • narrative=written description of internal controls
    • flow chart=diagram documents and flow through organization
    • internal control questionaire=yes or no with no indicating potential deficiency
  125. assess control risk-are financial statements auditable
    • integrity of management
    • adequacy of accounting records
  126. assessment of control risk
    auditors expectation that internal control will prevent or detect material misstatements
  127. control deficiency
    • design or operation of controls does not permit detections/prevention of misstatement
    • 1. design deficiency=control is missing or not properly designed
    • 2. operation deficiency=well designed control does not operate as designed
  128. significant deficiency
    one or more control deficiencies not as severe as material weakness, but severe enough to be brought to managements attention
  129. material weakness
    significant deficiency results in reasonable possibilty that internal controls will not prevent/detect material misstatement
  130. determine if deficiencies are a material weakness
    evaluate based on likelyhood and significance
  131. 5 steps to identify deficiencies
    • 1. identify existing controls
    • 2. identify the absence of key controls
    • 3. consider the possibility of compensating controls
    • 4. decide whether there is a significant deficiency or material weakness
    • 5. determine potential misstatements that could result
  132. 4 procedures to test internal control
    • 1. questions appropriate client personnel
    • 2. examine documents records and reports
    • 3. observe control related activities
    • 4. reperform client procedures
  133. decide planned detection risk and substantive tests
    • link control risk assessments to alance related audit objectives
    • use audit risk model to determine correct level of detection risk for each balance related audit objective
  134. response to finding a material misstatement not found through clients internal controls
    • determine whether there is a material weakness present
    • unqualified opinion if client adjusts statements to correct misstatement before issuance
    • management can change internal control report to disclose that internal controls are not operating effectively
    • adverse opinion of internal control if there is a material weakness
  135. differences for non public companies and internal controls
    • 1. reporting requirements=no requirement for audit of internal controls. auditor must still od written report of significant deficiencies and material weaknesses
    • 2. extent of required internal controls=management is responsible for internal controls. auditor can withdraw if they believe internal controls are not adequate
    • 3. extent of understanding needed=only enough to assess whether statements are auditable
    • 4. assessing control risk=set control risk at maximum when internal controls are non existent or ineffective
    • 5. tests of controls needed=if control risk is already maximum, tests not done
Card Set:
2011-06-16 18:17:07
audit accounting

Audit Final
Show Answers: